package com.sap.cloud.security.token.validation.validators;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.sap.cloud.security.xsuaa.Assertions;
import com.sap.cloud.security.xsuaa.client.DefaultOAuth2TokenKeyService;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceException;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenKeyService;
import java.net.URI;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;

/* loaded from: input_file:com/sap/cloud/security/token/validation/validators/OAuth2TokenKeyServiceWithCache.class */
public class OAuth2TokenKeyServiceWithCache {
    private OAuth2TokenKeyService tokenKeyService;
    private Cache<String, PublicKey> cache;
    private long cacheValidityInSeconds = 600;
    private long cacheSize = 1000;

    private OAuth2TokenKeyServiceWithCache() {
    }

    public static OAuth2TokenKeyServiceWithCache getInstance() {
        return new OAuth2TokenKeyServiceWithCache();
    }

    public OAuth2TokenKeyServiceWithCache withCacheTime(int i) {
        if (i <= 600) {
            throw new IllegalArgumentException("The cache validity must be minimum 600 seconds");
        }
        this.cacheValidityInSeconds = i;
        return this;
    }

    public OAuth2TokenKeyServiceWithCache withCacheSize(int i) {
        if (i <= 1000) {
            throw new IllegalArgumentException("The cache size must be 1000 or more");
        }
        this.cacheSize = i;
        return this;
    }

    public OAuth2TokenKeyServiceWithCache withTokenKeyService(OAuth2TokenKeyService oAuth2TokenKeyService) {
        this.tokenKeyService = oAuth2TokenKeyService;
        return this;
    }

    @Nullable
    public PublicKey getPublicKey(JwtSignatureAlgorithm jwtSignatureAlgorithm, String str, URI uri) throws OAuth2ServiceException, InvalidKeySpecException, NoSuchAlgorithmException {
        Assertions.assertNotNull(jwtSignatureAlgorithm, "keyAlgorithm must not be null.");
        Assertions.assertHasText(str, "keyId must not be null.");
        Assertions.assertNotNull(uri, "keyUrl must not be null.");
        String uniqueCacheKey = getUniqueCacheKey(jwtSignatureAlgorithm, str, uri);
        if (((PublicKey) getCache().getIfPresent(uniqueCacheKey)) == null) {
            retrieveTokenKeysAndFillCache(uri);
        }
        return (PublicKey) getCache().getIfPresent(uniqueCacheKey);
    }

    private void retrieveTokenKeysAndFillCache(URI uri) throws OAuth2ServiceException, InvalidKeySpecException, NoSuchAlgorithmException {
        JsonWebKeySet createFromJson = JsonWebKeySetFactory.createFromJson(getTokenKeyService().retrieveTokenKeys(uri));
        if (createFromJson == null) {
            return;
        }
        for (JsonWebKey jsonWebKey : createFromJson.getAll()) {
            getCache().put(getUniqueCacheKey(jsonWebKey.getKeyAlgorithm(), jsonWebKey.getId(), uri), jsonWebKey.getPublicKey());
        }
    }

    private Cache<String, PublicKey> getCache() {
        if (this.cache == null) {
            this.cache = Caffeine.newBuilder().expireAfterWrite(this.cacheValidityInSeconds, TimeUnit.SECONDS).maximumSize(this.cacheSize).build();
        }
        return this.cache;
    }

    private OAuth2TokenKeyService getTokenKeyService() {
        if (this.tokenKeyService == null) {
            this.tokenKeyService = new DefaultOAuth2TokenKeyService();
        }
        return this.tokenKeyService;
    }

    public void clearCache() {
        if (this.cache != null) {
            this.cache.invalidateAll();
        }
    }

    public static String getUniqueCacheKey(JwtSignatureAlgorithm jwtSignatureAlgorithm, String str, URI uri) {
        return uri + String.valueOf(JsonWebKeyImpl.calculateUniqueId(jwtSignatureAlgorithm, str));
    }
}
